SECTCP home | Easy400 | IBM i home
FTP settings
Quick start
Securing FTP
WRK user profiles
WRK directories
WRK IP addresses
Active Defense
User exit pgm
TELNET settings
Access-Reject Messages
HTTP logs

previous page page 2 out of 16 next page
FTP settings (1/7)
1. Secure FTP
To enable SECTCP defenses for FTP, program entries must be added to two specific exit points, QIBM_QTMF_SERVER_REQ and QIBM_QTMF_SERVER_LOG.
This is done by
  • selecting Option 1 (Secure FTP) from the initial SECTCP Menu (see Figure 1), then
  • selecting Option 1 (Add FTP exit programs) from the "Secure FTP" Menu (Figure 2).
                                  Secured FTP                          EASY400  
  Select one of the following and press Enter                                   
     1. Add FTP exit programs     Not yet added                                 
     2. Rmv FTP exit programs                                                   
     3. Work with user profiles                                                 
     4. Work with allowed directories                                           
     5. Work with IP addresses                                                  
     6. Active Defense            Disabled                                      
     7. Start logging                                                           
     8. End logging                                                             
     9. Display log
    10. Display 24 hrs rejections log
  Your selection ==>  __                                                        
  F3=Exit   F12=Previous   F22=Command entry                                    
Figure 1 - "Secure FTP" Menu
On the next screen:
                                  Secured FTP                          EASY400  
                              Add FTP exit program                              
                   Program number  _________1  1-2147483647                     
  You should leave 1 for the program number, unless you already assigned        
  other exit points.                                                            
  In case you do not know whether exit points were already assigned,            
  use command WRKREGINF, then select with 8 the following entries:              
      QIBM_QTMF_SERVER_REQ  VLRQ0100                                            
      QIBM_QTMF_SVR_LOGON   TCPL0200                                            
  -If no exit program are yet assigned, then your program number must be 1      
  -If some exit programs are already assigned, then your program number         
   must be the next one.                                                        
Figure 2 - Adding the FTP exit programs
... just press Enter and you are done.

Make then sure to restart the FTP server:
- endtcpsvr *FTP
- strtcpsvr *FTP

2. Quick start
At the beginning, before defining in detail the FTP settings you would like to work with, it is a good practice to take some defaults and verify that FTP is still working.
Do the following:
  1. Take option 4 (Work with allowed directories), then option 1 (Public allowed directories) and define as allowed directory the root directory /
  2. Take option 5 (Work with IP addresses), then option 1 (Work with Allowed IP Addresses) and and make sure that there are no entries
  3. Take option 5 (Work with IP addresses), then option 2 (Work with Privileged IP Addresses), and define as privileged the generic IP address of your IBM i LAN (example: 195.126.) where local workstations are connected.
  4. Take option 5 (Work with IP addresses), then option 3 (Work with Excluded IP Addresses), and add the IP address entry *ANY
  5. Take option 6 (Active Defense), then option 1 (Define your Active Defense strategy) and make sure that Enable your defense is set to N
  6. Take option 7 (Start Logging)
Once this is done,
  • Perform some local FTP activities (local workstations connecting to the local IBM i): all connections should work, provided that appropriate user profiles/passewords are used to login.
  • Try to FTP login to your local IBM i from an outside workstation: FTP logging should be denied.
  • Then use option 9 (Display log) to display the FTP log for the current day.
previous page next page